Cybersecurity firm Fortinet has asked established financial institutions and their fintech partners to jointly address critical cybersecurity needs in order to forge successful collaborations. The general lack of cybersecurity safeguards in fintech companies has raised serious concerns around data protection and compliance, especially with the implementation of EU's GDPR in May 2018. The recent spate of global cyberattacks has also emphasized the need for application security and cloud protection.
“While the majority of banks view these partnerships as necessary, 71 percent have also expressed concerns with the cyber risks associated with fintech firms, while 48 percent cited regulatory risks as deterrence. Fintech companies typically have fewer human and capital resources to spend on security, let alone address other regulation requirements. More specifically, these security concerns especially surround application security and cloud use, which are the most important development inflection points that the market is demanding,” said Rajesh Maurya, Regional Vice President, India & SAARC at Fortinet.
Fintech companies have been able to innovate at a rapid pace, as they are not bound by legacy IT or, especially, extreme governance. This has allowed them to churn out new products and updates at an increased rate that regulatory bodies have struggled to keep up with. However, as fintech becomes more engrained in consumers' everyday lives, accessing and storing the sensitive personal data that cybercriminals covet is an increasing challenge, and regulatory crackdowns are inevitable.
Large financial institutions and smaller fintech companies are increasingly leveraging on each other to successfully meet the growing consumer demands in the Asia Pacific for greater accessibility and management of their finances. For established firms, such fintech partnerships will allow for faster innovation, while the value for smaller fintech firms will come from the revenue, scale, and credibility banks provide. According to market researcher Frost & Sullivan, the Asia Pacific fintech market is witnessing unprecedented growth, driven primarily by digital payments. The Fintech industry in Asia Pacific is expected to reach US$72 billion by 2020, at a compounded annual growth rate (CAGR) of 72.5 per cent.
Fortinet advises banks and fintech companies to find a way forward that allows for technical innovation and performance without compromising security by focusing on Application Security, Cloud Security and Automated Threat Intelligence.
Application Security: Fintech largely relies on applications that can access users' financial profiles to perform a variety of real-time transactions. Applications are an increasingly common attack vector, and vulnerable code can be exploited as an entryway into financial networks. Banks and fintech need to ensure that a robust application security infrastructure is in place to protect user data. This should include a web application firewall enabled with current threat intelligence to identify and mitigate known and unknown threats, as well as detect and patch vulnerabilities.
Cloud Security: Many fintech companies utilize cloud services to provide consistent, scalable performance with lower upfront costs. However, the cloud must be secured differently than a traditional network or data center, and disparate point solutions often amplify data movement while reducing visibility across these distributed environments. Banks and fintech firms must ensure that the same security standards they apply to their own networks are applied in the cloud. In addition to detection and prevention, this security must also be dynamically adaptable and scalable to ensure that is can grow seamlessly alongside cloud use. Additionally, to secure financial data, firms need to implement internal segmentation, along with cloud access security brokers, to improve data visibility while integrating industry security standards.
Automated Threat Intelligence: An integrated defence needs to be enabled with automated threat intelligence to become a holistic system. As banks and fintech firms enter into partnerships, it will be impossible for IT teams to manually gather and assess all of this threat intelligence in a timely manner. Machine learning will be integral to this process. Cybercriminals are already leveraging automation to make attacks more effective and persistent. Likewise, machine learning and automation integrated into network security tools enable the detection and prevention of attacks in real-time, allowing organization to keep pace with cybercriminals.
“A successful partnership from both sides of the financial services space is dependent on the other. In fact, data shows that three-quarters of large financial firms recognize the importance of collaboration with fintech firms. Moving forward, banks and fintech organizations should seek to integrate traditionally isolated security solutions together using a common security fabric approach. This allows for instant and dynamic communication and collaboration within the security architecture,” added Rajesh Maurya.
Editor's note for transparency: The headline of this article has been slightly edited on June 5, 2021.